China Has Backdoor Access to Eighty-Percent of Communications

Former Pentagon analyst F. Michael Maloof warns that the Chinese government has backdoor access to as much as eighty-percent of the worlds telecom network traffic, giving the regime access to sensitive communications.

The mechanism for this "pervasive access", as Maloof describes it, is made possible by equipment from two Chinese based telecom giants - Huawei Technologies and ZTE Corporation - which have been the subject of much concern from Western officials.

In an article published in WND, Maloof writes that China has "the ability to undertake remote industrial espionage and even sabotage electronically of critical infrastructures in the United States and in other industrialized countries" by way of these backdoor vulnerabilities.

Telecom equipment manufactured by Huawei and ZTE is deployed in over one-hundred and forty countries, including nearly all of the fifty largest telecom operators in the world.

Maloof states that his "sources say that any information traversing 'any' Huawei equipped network isn’t safe unless it has military encryption" and that "one source warned, 'even then, there is no doubt that the Chinese are working very hard to decipher anything encrypted that they intercept,'".

At greatest risk of interception are corporate communications, which Maloof notes use less than military-grade encryption in their VPN traffic, leaving sensitive data and trade secrets vulnerable to exfiltration, especially when those communications are with partners in certain countries.

“Any U.S. company that deals with a Mexican company or any foreign company in a country where Huawei has installed network equipment is potentially entirely compromised,” Maloof quotes a source as saying.

Given the heavy subsidies provided to the Chinese-based manufacturers which make the equipment highly competitive from an economic perspective, Chinese companies have become leading suppliers of network systems over the last decade, with Huawei second only to Ericsson.

"British Telecom apparently is a major user of Huawei equipment in its core networks and one of the biggest allied countries to the U.S. with numerous electronic business exchanges occurring on a daily basis among companies," Maloof wrote.

The company stated that their practice of "data mirroring" is solely for the purpose of identifying malicious code and illegal activity.

At issue is Huawei's use of Deep Packet Inspection (DPI) techniques to monitor data transmissions. While the company maintains the practice is not abused for illicit surveillance operations, the capability is undoubtedly present.

Huawei is already the subject of a U.S. House Intelligence Committee probe into telecom firms suspected of aiding the Chinese government in spying activities. The committee's focus is over concerns over Chinese telecom giants Huawei and ZTE regarding their relationship to the People's Liberation Army (PLA).

Committee Chairman Mike Rogers had initiated the probe last fall after a preliminary inquiry into Chinese espionage operations subsequently determined the need for further investigation into threats aimed at the U.S. technology supply chain, critical infrastructure, and proprietary information.

Huawei's disclosure confirms that the company indeed has the ability to monitor and access data that may be sensitive in nature, and adding to the concerns is their ability to do so remotely.

Maloof quotes his source as stating that "any U.S. company that deals with foreign countries that have incorporated Huawei and ZTE technology into their national telecom systems is in serious jeopardy of industrial espionage without knowing it. The problem is especially serious... in this period of globalization in which companies deal routinely on a daily basis in the exchange of sensitive, proprietary information, potentially jeopardizing any protection of intellectual properties."

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.